Let's customize

Each visitor to your site who wants to customize the view
will need a unique account. Visitors register by filling out
a simple form. You should not activate visitors' accounts until
they verify their account information by responding to an e-mail from
the site. This should help to minimize
bogus accounts, because you can run nightly queries and delete accounts that
that have not been activated after a period of time.

I have included some sample code in login.php that
handles both regular logins and new user registration. By passing additional
variables to a PHP script you can determine which action to perform and
keep the number of scripts to a minimum.

After visitors register for an account, they are sent an e-mail
with a link that contains a confirmation code. By following this link and
entering an e-mail address and password, visitors verify their
accounts and are taken to the user preferences page (edit_user.php).
On this page, visitors can enter their first and last names,
the news sources they do not want to see when they visit your site (the
default is all sources), and the colors used to display site structural
elements. The First Name field is used to greet the user when they
visit your site. Figure 1 shows an example of the preferences page.

The get_user_data function is called with a parameter that
contains the visitor's user ID. The function then defines a set of global variables
so that they can be imported into the scope of the function. Next, it queries
the database to retrieve all the information about the given user ID, while
checking to make sure the user ID is active. If the user ID is found, the
code calls the session_register function to register the visitor's
session variables.

Session management is a new feature of PHP version 4. To use this feature,
you have to activate it by calling the session_start function
in every script that needs session management. To start session management automatically
on every script, set the session.auto_start
variable to 1 in your php.ini file.
When visitors come to your site, they are assigned a session
identifier, a semirandom hash value that uniquely identifies each visitor. The session
ID is stored either as a cookie in the user's browser or as a URL parameter.
When you register session variables for a user, the variables are passed along in
the global $HTTP_STATE_VARS array. Your scripts can now access the global
variables for each session without having to pass them to each
other. The final section of code in this function pulls the data from the
query result (the $row variable), and stores it in the session
variables as separate preferences.